Solved

Another false positive for W32.Malware.Gen - This time in xvid.dll, xvidcore.dll

  • 21 March 2013
  • 5 replies
  • 116 views

Using the 2013 version of the software. Today it flagged the xvid.dll and xvidcore.dll files in my Windows 7 system32 directory. The last modified dates for the dll's were from 2004, and this isn't the first time I've gotten false positives with SecureAnywhere 2013, and at least one of the other incidents was also for the W32.Malware.Gen.
 
In the past they were pretty much associated with downloaded executables, and I didn't mind deleting them, since they were usually older archived versions; but I wasn't about to delete any dll's without rechecking. A Webroot rescan picked up the same files. I then scanned the directory with Emsisoft's malware detector, and it found nothing.
 
I'm becoming concerned about these false positives. Are others finding this happening repeatedly?
 
----------------------------------------------------------------------------------------------------------------------------------------
[b] c:\windows\system32\xvid.dll [MD5: 4581AC2AAD750548AC6B4AA6A06D1926] [Flags: 00080000.11333] [Threat: W32.Malware.Gen]
[b] c:\windows\system32\xvidcore.dll [MD5: 06E70FF8D74F243C32BC38E00837E193] [Flags: 00080000.11335] [Threat: W32.Malware.Gen]

Best answer by Rakanisheu Retired 21 March 2013, 16:17

Hello,

 

Thanks for the feedback. I have fixed those false positives and they should no longer be detected. With any AV software there will be some false positives, but we generally have a very low number of FPs considering the large volume of malware that we detect every day.

 

Webroot will not remove any critical Windows files that are needed for it to boot, but there is no harm in submitting a troubleshooting ticket so we can take a look at any detection if you are ever concerned. The detection name (W32.Malware.Gen) is a generic malware group name that is used by the industry.

 

Thanks,

Roy

Threat Research

5 replies

Userlevel 7
Hello harried and welcome to the Community!
 
False positives do not seem to be a problem for most users, but please Submit a Trouble Ticket as that is the best way to report such issues.
Userlevel 7
@ wrote:
Hello,
 
Thanks for the feedback...........
Thanks,
Roy
Threat Research

Roy, it is GREAT to see you becoming more active on here!
Thanks for the prompt responses and help! I had submitted a question about the incident under the support "other" option. I'm not sure if that's what the trouble ticket is. I looked at the form for submitting a false positive, but that was for the software vendor.
Userlevel 7
I'll keep an eye out for the ticket. The files have been marked good in any case, but there is no harm in having a ticket as we can keep a record of any issue that you have had.
